Responder Professional

Responder Professional is the industry's first live memory and runtime analysis platform for Windows operating systems. Responder Pro integrates the most powerful physical memory and reverse engineering capabilities into one product suite, providing information assurance analysts, computer emergency response teams, and computer crime investigators with the critical capabilities to collect, analyze, diagnose and report on runtime data contained in physical memory.

Disk and signature based detection tools are no match against malicious code using the latest anti-forensics, anti-detection, and anti-debugging techniques. It's no wonder that 80% of new malware is missed by Antivirus. Responder Professional provides analysts and investigators with unprecedented visibility into memory and runtime state information to detect these resistant binaries because software (good or bad) cannot execute without being present in live memory.

With a mouse click, unknown or suspicious binaries detected by Responder can be analyzed, disassembled and debugged to determine if they are malicious and to gain understanding of their capabilities and behaviors.

HBGary Responder supports proactive security assessments, live computer incident response, forensic investigations, and malware analysis.

Preservation of Live Windows Memory (RAM)

HBGary provides the fastdump software utility as a free download to enable investigators and security analysts to easily "freeze the live memory" on workstations and servers. Fastdump is software that creates a block-by-block dump of physical memory on live Windows operating systems.

Memory Analytics & Parsing

Responder FE provides the most thorough and comprehensive memory analysis capability in the industry. Responder performs all physical to virtual address mappings, recreates the object manager, exposes all objects, and enables investigators to perform a complete and comprehensive computer investigation.

Automated Malware Analysis and Reporting

Responder FE provides the ability to automatically analyze suspicious binaries found during the physical memory analytics. These suspicious files are extracted out of the physical memory file and disassembled, and then the Malware Analysis Plug-in scans the functions, sub-routines, strings, and symbols to identify and report on suspicious capabilities and behaviors.

Responder Pro Memory Analytics provide the following:

  • Running processes
  • Open files
  • Passwords in clear text
  • Unencrypted data
  • Instant messages
  • Installed network devices
  • Keyboard monitors
  • Rootkits & Trojans
  • Network socket information
  • Registry info

Binary and Runtime Forensic Capabilities: Responder Pro integrates dynamic runtime tracing with dataflow and static code analysis. Captured test data is recorded in a team-member shared database for further analysis with automated scripts and interactive graphing.

  • Static Disassembly of Binaries
  • Automated Malware Analysis & Reporting
  • Advanced Graphing and Visualization